Corel is all about breaking convention to achieve exceptional things. We’re the people behind the world’s leading software and we’re obsessed with finding new ways to harness the creativity of our customers and our employees. We’re a talented, eclectic, and eccentric group that makes coming to work every day worth your while. This is not your typical tech team. We also have a healthy respect for work-life balance – so you can leave work at work.
We’re looking for a senior analyst or manager in the field of Governance, Risk, and Compliance (GRC) to bring our security practices to the next level.
You will report to our Global Business Operations and lead the company to achieve SOC 2 Type 2, ISO 27001, and other relevant industry compliance certifications. Additionally, you will help with GDPR compliance, improve security best practices among the engineering and research teams, and improve security knowledge within the company.
- Work with the IT and engineering teams to ensure Common Vulnerabilities and Exposures (CVEs) are resolved promptly by the engineering teams
- Create, track, and report GRC metrics to the leadership team
- Develop roadmaps for and achieve compliance for Corel hosted products on SOC 2 Type 2, ISO 27001, and others
- Own the documentation for standards, policies, and processes for sales collateral and internal distribution
- Manage audits and assessments with internal and external stakeholders
- Handle compliance and audit requests in conformance with GDPR for EU customers and employees
- Serve as the IT compliance subject matter expert to the business
- 3+ years of program/project management experience
- 3+ years of functional knowledge of the TCP/IP protocol suite, LAN/WAN technologies, switching, routing, VoIP and Telephony technologies, firewalls and VPN, intrusion prevention systems (IPS), vulnerability assessment and patch management tools
- 3+ years of functional knowledge of Unix and Windows server operating systems
- Extensive knowledge of GRC best practices for SaaS organizations
- Successful delivery of compliance for a SaaS product to one or more security standards (SOC 2, ISO 27001, and NIST 800, for example)
- Familiarity with security standards and US and EU privacy laws (HIPAA, CCPA and GDPR)
- Experience delivering on multi-stakeholder projects
- Familiarity with SaaS architectures, software development, and deployment to cloud providers
- An active CISSP, CISM, SANS, or other industry-recognized equivalent security certification is required
- An active CISA, GRCA, GRCP, or other industry-recognized equivalent audit or compliance certification is required, or the candidate must be willing to obtain one within the first year of employment
- Experience or certifications related to non-IT disciplines such as PMP, ITIL or Six Sigma
- Experience with Agile and DevOps methodologies
- Oral and written communication skills to enable effective and meaningful information exchange between technical and non-technical people across multiple levels of the organizational structure
Corel products enable millions of connected knowledge workers around the world to do great work faster. Offering some of the industry's best-known software brands, we give individuals and teams the power to create, collaborate, and deliver impressive results. Our success is driven by an unwavering commitment to deliver a broad portfolio of innovative applications – including CorelDRAW®, MindManager®, Parallels®, and WinZip® – to inspire users and help them achieve their goals.
It is the policy and practice of the Company to offer equal employment opportunities to all qualified applicants and employees without regard to race, color, age, religion, national origin, sex, political affiliation, sexual orientation, marital status, disability, veteran status, genetics, or any other protected characteristic.